Commit Graph

108 Commits

Author SHA1 Message Date
basamaryan
215025ef4d sm6150-common: sepolicy: Allow vendor_fp_prop to be modified
Change-Id: I48e0d1a885ac62886b1e622ce68598270044ef84
Signed-off-by: donjohanliebert <donjohanliebert@gmail.com>
2024-11-12 14:09:54 +08:00
basamaryan
3df5cd506c sm6150-common: Commonize sepolicy
Taken from davinci, courbet, surya, sweet, and sweet2

Change-Id: Ie9bd3354d42a36e88004ee77343e0da5397a0eba
2024-10-15 13:25:09 -04:00
Michael Bestas
15305da793 sm6150-common: sepolicy: Move common wakeup nodes to qcom sepolicy
These are not device specific and don't belong here.

Change-Id: I47de84155fa4bd81fb67b3d6ba5465b0b5db4437
2024-07-16 12:21:02 +05:30
basamaryan
12c3135ffb sm6150-common: sepolicy: Allow fingerprint HAL to use vndbinder
Change-Id: Ic6c70a39392e349e0770411f42af15eebc5dfea4
2024-06-22 17:27:09 +05:30
basamaryan
0c3bad3c75 sm6150-common: sepolicy: Allow fingerprint HAL to interact with uevent socket
Change-Id: I11d2388b6c7894917f488334efd2851d5a938cd3
2024-06-22 17:27:09 +05:30
basamaryan
50193c8135 sm6150-common: sepolicy: Add fortsense and sunwave fingerprint rules
Change-Id: Icea6d25bde0cb54e3926b009a7b76c264e44c77e
2024-06-22 17:27:09 +05:30
Sebastiano Barezzi
176839842d sm6150-common: sepolicy: Label double_tap sysfs node
Change-Id: Idcff758444a5c89ba20f2ae804a407ee78c445cb
2024-06-22 17:27:09 +05:30
Sebastiano Barezzi
ed6986e80f sm6150-common: Move to common Xiaomi light AIDL
Change-Id: I00494cd392d19abd97cd65aeb4ec4bd9c9b11352
2024-06-18 02:05:33 +05:30
Bruno Martins
22ae2ff2f8 sm6150-common: Use common libqti-perfd-client and power-libperfmgr
Change-Id: I22d6b35c72629553817005deaefcae60abc72cfd
2024-05-19 18:07:53 +02:00
danielml
54a261cbd5 sm6150-common: sepolicy: Follow stock label for ro.product.mod_device
* This allows us to dynamically override the property from vendor_init

Change-Id: Id80b60028e78ae1fcc9236f66570a27759ecbdc4
Signed-off-by: danielml <daniel@danielml.dev>
2024-04-10 13:26:48 -04:00
Michael Bestas
f531fce60d sm6150-common: Switch to android.hardware.usb@1.3-service.dual_role_usb
Change-Id: Ibd14f7d31dfaf41e040302eda3bc49f351deb618
2024-04-10 13:26:48 -04:00
basamaryan
828234a087 sm6150-common: sepolicy: Drop duplicated wakeup node
* https://review.lineageos.org/c/LineageOS/android_device_qcom_sepolicy_vndr/+/356003

Change-Id: Id5b60a4d89324cabb224609d35ca583482685447
2023-10-05 11:00:04 -04:00
danielml
cc633a0998 sm6150-common: sepolicy: Label /dev/block/mmcblk0p1 as sdcard block device
* Needed for DSU

Change-Id: I25f7272621451723eb0fc72d9b772795a1f8ed51
Signed-off-by: danielml <daniel@danielml.dev>
2023-08-20 18:47:33 +02:00
Arian
ffd0ded683 sm6150-common: sepolicy: Label cust, system and vendor block devices as system_block_device
Change-Id: Id230ee4893e67689e9162e834e9c7b9c5482c6c8
2023-08-20 18:46:58 +02:00
Arian
19e23767df Revert "sm6150-common: Force restorecon for /mnt/vendor/persist"
This reverts commit a13246a7fc.

This causes dac_override denials, set no_sehash_xattr on persist
in fstab instead to fix the issue.

Change-Id: I75f824d5b2beca5f7c3835045a7f568736e148f0
2023-06-05 11:38:04 +02:00
danielml
84cbd43575 Revert "sm6150-common: parts: Enable doze_status on screen off"
* Manually setting the doze status before entering the low-power mode
  makes the doze mode not to be set correctly on sweet.

* The doze status is automatically set when entering the low-power mode

This reverts commit 10f101e143.

Change-Id: I4dfee2ffb351b9bc426268e437a26f9eaefec319
2023-06-05 11:38:04 +02:00
danielml
f4e2098486 sm6150-common: sepolicy: Rename sys.panel.display to vendor.panel.display
Change-Id: I1765a9f867dad4ec7bdea40c50671e6416f871cb
Signed-off-by: danielml <daniel@danielml.dev>
2023-06-05 11:38:04 +02:00
Sebastiano Barezzi
c87372b3db sm6150-common: sepolicy: Drop camera.sensor* properties
* These were renamed to vendor.camera.* properties whose definition
  already exists in our current policy

Change-Id: I4392a7880d36b6b6d6aff4a6d9b43c1fc2bab950
2023-06-05 11:38:04 +02:00
Sebastiano Barezzi
6d2810da32 sm6150-common: sepolicy: Bringup property_contexts for Android 13
Change-Id: I60070ba7658ce262be66ee3bdd0cb6cdcf9b8c49
2023-06-05 11:38:04 +02:00
danielml
187b64e74f sm6150-common: sepolicy: Remove no longer existing properties
Change-Id: Icf3ef6dbf497671fec757f0de56d58df432d1d87
Signed-off-by: danielml <daniel@danielml.dev>
2023-06-05 11:38:04 +02:00
basamaryan
4fd45a6d3a sm6150-common: sepolicy: Label fpc wakeup node
Change-Id: I6c7b7d5d2777bfae02b3bd8b0d875ccc2564f337
2023-06-05 11:38:04 +02:00
LuK1337
b2babf0134 sm6150-common: Make trust use dwc3 usb_data_enabled
Change-Id: I8fab94faf383c57e872596f8bb3c448afc6d75de
2023-06-03 21:42:43 +02:00
raghavt20
4a67b5eb26 sm6150-common: sepolicy: Label Spi IR node
Change-Id: I550e823b11bbc8e37cffa164a2047d57d8a5499a
Signed-off-by: raghavt20 <raghavt20@aospa.co>
2023-05-18 17:09:45 +05:30
basamaryan
52a5530afe sm6150-common: sepolicy: Label more wakeup nodes
Change-Id: I3fd5d4f44b28b7c0c8bff6adb8d39e9a389b1981
2023-01-27 01:32:59 +00:00
Bruno Martins
bb8d9f4905 sm6150-common: sepolicy: Label UDFPS state node
Change-Id: I7a4ca9a3e98e0af90be5aedc88fa1eaa344abb76
2022-11-15 11:20:32 +01:00
Arian
28b9dec732 sm6150-common: sepolicy: Label new telephony properties
Change-Id: Iad765076ceba263e4933374178eec670ffc81959
2022-07-13 17:54:15 +02:00
Bruno Martins
cc3ba5c9c2 sm6150-common: Move to common fingerprint HIDL
Change-Id: I7cb0a45c865d9dbfd800b1d633f8d5ae613bb1b9
2022-06-28 00:41:07 +02:00
Arian
f97544641c sm6150-common: sepolicy: Extend vendor_toolbox permissions to files in persist
Change-Id: Idf0d7b67e861d2dcb8f6b46cbd2cc5b26b77e08d
2022-06-28 00:40:59 +02:00
Arian
dc759f6420 sm6150-common: sepolicy: Label additional usb related wakeup nodes
Change-Id: I21b3a00d504938f0b1da02f606c8f0fb729aa089
2022-06-28 00:23:34 +02:00
Arian
08b94607f0 Revert "davinci: sepolicy: Remove qcom PMIC devices wakeup nodes"
* These are not labelled by qcom sepolicy on 19.1 anymore

This reverts commit a02dd0dd72.

Change-Id: I5beb0916a1942507f13720de0d0d986422e5eb2e
2022-06-28 00:23:34 +02:00
Felix
a13246a7fc sm6150-common: Force restorecon for /mnt/vendor/persist
The restorecon_recursive directive in init is only applied if the
file_contexts file changed between builds, but not necessarily if any
file or folder inside /mnt/vendor/persist/ has changed.

The restorecon code checks whether an xattr named
"security.sehash" contains a string that matches the current
combined hashes of the SELinux context files and skips restoring labels
if there is a match, see
https://android.googlesource.com/platform/external/selinux/+/refs/tags/android-9.0.0_r35/libselinux/src/android/android_platform.c#1546

Force wiping that xattr so that restorecon always runs since it's not
very expensive (there are currently only about 50 files on /persist).

The restorecon is needed to fix issues such as wrong stock labels on
/mnt/vendor/persist/sensors/:
sensors_persist_file -> persist_sensors_file

Change-Id: Ic0cd848836ee550499d9236f56ed6e939e35f01e
2022-03-27 13:38:12 +02:00
Arian
f23eac1c98 sm6150-common: sepolicy: Add vendor prefix to camera persist file type
Change-Id: Ia42113acb0fcf5667c0b89ecdd7def13681ca0be
2022-03-27 13:38:07 +02:00
Arian
5a4c03d68e sm6150-common: sepolicy: Move xiaomi specific property labels to vendor
Change-Id: I4f2f5e2ee9b0751e3af14fbb1cd4ab93814755f8
2021-12-29 10:19:42 +00:00
Arian
1edab42a1a Revert "davinci: sepolicy: Label manufacturer prop used by camera hal"
This is labelled in system/sepolicy as build_prop now

This reverts commit 50625df1c3.

Change-Id: Ia744a2c2eba1c6aade04e29c975c6b8bc26c9fee
2021-12-29 10:19:01 +00:00
Inseob Kim
87b0b914b1 sm6150-common: sepolicy: Attach vendor_property_type to properties
We are going to enforce that each property has an explicit owner, such
as system, vendor, or product. This attaches vendor_property_type to
properties defined under vendor sepolicy directories.

Bug: 159097992
Test: m selinux_policy && boot device
Change-Id: Ibed833cd9e5d786e82985ded6bc62abdf8cd9ded
Merged-In: Ibed833cd9e5d786e82985ded6bc62abdf8cd9ded
(cherry picked from commit 44eb8e1f89adf04fd413a69391fd444ba68af742)
(cherry picked from commit 1922128397116d551a663d5344b4456a84bf46eb)
2021-12-29 10:18:50 +00:00
Cosmin Tanislav
bd7d6d7d59 sm6150-common: fingerprint: Add thread listening for fod_ui sysfs event
Change-Id: I36f5789657daa70cf39fbdfe501392b9f96dbf2e
2021-12-29 10:17:39 +00:00
Arian
3cf7b626a4 sm6150-common: fingerprint: Conditionally implement UDFPS
hardware/fingerprint.h is imported from android-12.0.0_r1.
The xiaomi fingerprint extension command was added to the
fingerprint_device struct and it was clang-formatted.

Change-Id: I5c5f876eb47a558059a2423ca5f6cc75afaf3e1d
2021-12-29 10:16:45 +00:00
Arian
a54d369435 sm6150-common: fingerprint: Uprev to 2.3 HAL
Change-Id: I56ea1646ef464f7e533add5a0017620e21db686d
2021-12-29 10:13:58 +00:00
Arian
565809d0b5 Revert "sm6150-common: fingerprint: Allow to build without fingerprintextension"
This reverts commit a8c1391091.

Change-Id: I78244b2491b8ba824907cf1cb056c2f26bffbc72
2021-12-29 10:13:58 +00:00
Jaegeuk Kim
778c3c7f4a sm6150-common: sepolicy: Allow ioctl to zram_swap for performance
This fixes permission denied when setting F2FS_PIN_FILE.

[   46.726131] init: [libfs_mgr]Failed to set pin_file for f2fs: /data/per_boot/zram_swap: Permission denied
[   46.726151] init: [libfs_mgr]Failure of zram backing device file for '/dev/block/zram0'
[   46.726341] type=1400 audit(1601025878.312:17): avc: denied { ioctl } for comm="init" path="/data/per_boot/zram_swap" dev="dm-9" ino=4868 ioctlcmd=0xf50d scontext=u:r:init:s0 tcontext=u:object_r:per_boot_file:s0 tclass=file permissive=0

Bug: 169311165
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I982f70556284ac55d659bae6aff93b84d71e67f0
2021-12-29 09:59:07 +00:00
Mimi Wu
479a60f41c sm6150-common: sepolicy: Modify sepolicy for toolbox to rm -rf /data/per_boot
type=1400 audit(1581489923.612:571): avc: denied { getattr } for comm="rm" path="/data/per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.612:572): avc: denied { read } for comm="rm" name="per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.612:573): avc: denied { open } for comm="rm" path="/data/per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.616:574): avc: denied { getattr } for comm="rm" path="/data/per_boot/ft09,GYyRLUL4NXv4BjupD" dev="dm-9" ino=4578 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=file permissive=1
type=1400 audit(1581489923.616:575): avc: denied { write } for comm="rm" name="per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.616:576): avc: denied { remove_name } for comm="rm" name="ft09,GYyRLUL4NXv4BjupD" dev="dm-9" ino=4578 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.619:577): avc: denied { unlink } for comm="rm" name="ft09,GYyRLUL4NXv4BjupD" dev="dm-9" ino=4578 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=file permissive=1
type=1400 audit(1581489923.656:578): avc: denied { rmdir } for comm="rm" name="per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1

Bug: 147469156
Test: flash full build and find avc errors gone
Change-Id: I22706c63fb13ea2aae0cd9fe8b92edc578fd459e
Signed-off-by: Mimi Wu <mimiwu@google.com>
2021-12-29 09:59:01 +00:00
Mimi Wu
73025604d6 sm6150-common: sepolicy: Add sepolicy for kernel to access /data/per_boot/zram_swap
type=1400 audit(1581485243.256:88): avc: denied { read } for comm="loop29" path="/data/per_boot/zram_swap" dev="dm-9" ino=9820 scontext=u:r:kernel:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0

Bug: 147469156
Test: flash full build and find avc errors gone
Change-Id: I48d7684ce3b4ca1ada81011b1cab21007c758ba5
Signed-off-by: Mimi Wu <mimiwu@google.com>
2021-12-29 09:58:35 +00:00
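
The AVC denials quoted in the three /data/per_boot commit messages above (778c3c7f4a, 479a60f41c, 73025604d6) can be grouped by source type, target type and class to see which allow rules they imply. The Python below is an added example, not code from this repository: it uses a subset of the quoted log lines, its function names are illustrative, and it ignores the `ioctlcmd` field.

```python
import re
from collections import defaultdict

# Subset of the denial lines quoted in the commit messages above.
SAMPLE = """\
type=1400 audit(1601025878.312:17): avc: denied { ioctl } for comm="init" path="/data/per_boot/zram_swap" dev="dm-9" ino=4868 ioctlcmd=0xf50d scontext=u:r:init:s0 tcontext=u:object_r:per_boot_file:s0 tclass=file permissive=0
type=1400 audit(1581489923.612:571): avc: denied { getattr } for comm="rm" path="/data/per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581489923.619:577): avc: denied { unlink } for comm="rm" name="ft09,GYyRLUL4NXv4BjupD" dev="dm-9" ino=4578 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=file permissive=1
type=1400 audit(1581489923.656:578): avc: denied { rmdir } for comm="rm" name="per_boot" dev="dm-9" ino=4577 scontext=u:r:toolbox:s0 tcontext=u:object_r:per_boot_file:s0 tclass=dir permissive=1
type=1400 audit(1581485243.256:88): avc: denied { read } for comm="loop29" path="/data/per_boot/zram_swap" dev="dm-9" ino=9820 scontext=u:r:kernel:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<c>\S+)'
    r'(?:\s+permissive=(?P<p>[01]))?'
)

def denials_to_rules(log):
    """Group denials as {(source_type, target_type, class): {"perms", "enforced"}}."""
    rules = defaultdict(lambda: {"perms": set(), "enforced": False})
    for line in log.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial (e.g. the libfs_mgr lines in the dmesg excerpt)
        # A context is user:role:type:level; the type is the third field.
        key = (m["s"].split(":")[2], m["t"].split(":")[2], m["c"])
        rules[key]["perms"].update(m["perms"].split())
        # permissive=0: the access was actually blocked; permissive=1: only logged.
        rules[key]["enforced"] |= m["p"] == "0"
    return dict(rules)

def render(rules):
    """Format the grouped denials as candidate allow rules, one per line."""
    out = []
    for (src, tgt, cls), info in sorted(rules.items()):
        perms = " ".join(sorted(info["perms"]))
        note = "blocked" if info["enforced"] else "logged only (permissive)"
        out.append(f"allow {src} {tgt}:{cls} {{ {perms} }};  # {note}")
    return out

if __name__ == "__main__":
    print("\n".join(render(denials_to_rules(SAMPLE))))
```

The output lists candidate rules for review against the access each domain actually needs. The kernel denial targets `system_data_file`, so the narrower fix may be relabeling the file rather than granting access to that broad type.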
Arian
514f6bb6b0 sm6150-common: sepolicy: Allow power HAL to read idle_state node
Change-Id: I53e0f3ed275a93d6d5cd0001a438221a043e3ea8
2021-07-14 21:05:07 +02:00
Arian
5875449baa sm6150-common: sepolicy: Label fastrpc adsprpc wakeup nodes
Change-Id: Ia0268c7aa4cc9344e5a2a76dd661ff1a15b747ef
2021-07-14 20:59:14 +02:00
Arian
a73e27936f sm6150-common: Set permissions on /dev/xiaomi-touch
Change-Id: I94f9b64f983098b6497ffcdee9817c72d471528f
2021-07-13 22:13:56 +02:00
Arian
10f101e143 sm6150-common: parts: Enable doze_status on screen off
* This allows to enter the doze state faster when unlocking from lockscreen

Change-Id: I1900436c974a605555275ef67b283ead2cf720b5
2021-07-03 21:23:39 +02:00
Arian
727405d31d sm6150-common: parts: Implement doze modes and auto brightness
Change-Id: I03888d1997b09cb539952dfed935a7ace5e3444c
2021-07-03 21:23:14 +02:00
Arian
8cf1d5dda3 sm6150-common: power: Use xiaomi-touch to handle dt2w
Change-Id: I73f95e32daf9e2c702662ac2c2c8182e6b8eb214
2021-06-25 19:22:00 +02:00
Arian
cf3b3272ae davinci: sepolicy: Label idle_state sysfs nodes
Change-Id: Iad52c65df63f858c0019155d47ccbb1ee46b5984
2021-06-25 12:31:35 +02:00
Arian
c1baef0dd8 sm6150-common: sepolicy: Address power HAL denials
Change-Id: I7327bd54c0d12fde03472695a5598d2a3d22f716
2021-06-21 23:43:39 +02:00